Date: Thu, 05 Apr 2001 22:51:47 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Jesper Skriver <jesper@skriver.dk> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/contrib/ntp/ntpd ntp_control.c Message-ID: <28521.986503907@critter> In-Reply-To: Your message of "Thu, 05 Apr 2001 22:47:07 %2B0200." <20010405224707.A81542@skriver.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010405224707.A81542@skriver.dk>, Jesper Skriver writes: >On Wed, Apr 04, 2001 at 04:07:22PM -0700, Poul-Henning Kamp wrote: >> phk 2001/04/04 16:07:22 PDT >> >> Modified files: >> contrib/ntp/ntpd ntp_control.c >> Log: >> Fix a potential ROOT-exploit in NTPD. >> >> PR: 26358 >> Reviewed by: dima >> >> Revision Changes Path >> 1.2 +21 -1 src/contrib/ntp/ntpd/ntp_control.c > >ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc > >Say: "Jason Thorpe for changes to not overrun the end of the static buffer" >in regard to the patch applied to FreeBSD, are they right, or ? There seems to be an off-by-one in my stopgap patch. I won't be able to look at it for another 16 hours I'm afraid, everybody else are more than welcome to jump on that and any other issues. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28521.986503907>